🕵️‍♂️ Emoji Investigator ™

questionable content, possibly linked 🔎 👣 💡


Million dollar question – Facebook ad buys

September 2017 CNN reporting on BLM ads targeting Baltimore & Ferguson.

“Senator Mark Warner, the top-ranking Democrat on the Senate Intelligence Committee, said Tuesday that the “million-dollar question” about the Facebook ads centered on how the Russians knew whom to target.”

Were they being fed statistical targeting information, and by whom? Or were they just guessing?

Maybe that investigation will uncover some evidence it can share with the public.

Engadget September 2017 article claiming FB knew well in advance of the election what was happening with the ad buys.

“Despite once saying that it was “crazy” to believe Russians influenced the 2016 election, Facebook knew about a possible operation as early as June, 2016, the Washington Post reports. It only started taking it seriously after President Obama met privately with CEO Mark Zuckerberg ahead of Trump’s inauguration. He warned that if the social network didn’t take action to mitigate fake news and political agitprop, it would get worse during the next election. Obama’s aides are said to regret not doing more to handle the problem.”

Appears to be Washington Post September 2017 source of above:

“These issues have forced Facebook and other Silicon Valley companies to weigh core values, including freedom of speech, against the problems created when malevolent actors use those same freedoms to pump messages of violence, hate and disinformation.”

… “Facebook’s efforts were aided in part by the relatively transparent ways in which the extremist group sought to build its global brand. Most of its propaganda messages on Facebook incorporated the Islamic State’s distinctive black flag — the kind of image that software programs can be trained to automatically detect.

In contrast, the Russian disinformation effort has proven far harder to track and combat because Russian operatives were taking advantage of Facebook’s core functions, connecting users with shared content and with targeted native ads to shape the political environment in an unusually contentious political season, say people familiar with Facebook’s response.”

… “The sophistication of the Russian tactics caught Facebook off-guard. Its highly regarded security team had erected formidable defenses against traditional cyber attacks but failed to anticipate that Facebook users — deploying easily available automated tools such as ad micro-targeting — pumped skillfully crafted propaganda through the social network without setting off any alarm bells.”

This is interesting:

“He described how the company had used a technique known as machine learning to build specialized data-mining software that can detect patterns of behavior — for example, the repeated posting of the same content — that malevolent actors might use.

The software tool was given a secret designation, and Facebook is now deploying it and others in the run-up to elections around the world. It was used in the French election in May, where it helped disable 30,000 fake accounts, the company said. It was put to the test again on Sunday when Germans went to the polls. Facebook declined to share the software tool’s code name. ”
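Added example (not part of the original post or of the Washington Post article, and not Facebook's tool): a minimal sketch of the "repeated posting of the same content" signal described in the quote. It uses plain word-shingle Jaccard similarity rather than machine learning, and the account names, post texts and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample data: (account, post text). Not real accounts or posts.
SAMPLE_POSTS = [
    ("acct_a", "You won't believe what the council just voted for. "
               "Share before it gets deleted! #truth"),
    ("acct_b", "you won't believe what the council just voted for -- "
               "share before it gets deleted #truth"),
    ("acct_c", "You won't believe what the council just voted for, "
               "share before it gets deleted!!"),
    ("acct_d", "Europe's 20 most beautiful castles, ranked by a tired tourist."),
    ("acct_e", "Made a lemon cake today and it actually rose. Small victories."),
    ("acct_a", "New playlist for the commute, mostly 90s stuff."),
]


def normalize(text):
    """Lower-case, strip URLs and punctuation, return the word tokens."""
    text = re.sub(r"https?://\S+", " ", text.lower())
    text = re.sub(r"[^a-z0-9\s]", " ", text)
    return text.split()


def shingles(tokens, k=3):
    """Set of overlapping k-word windows; short posts become one shingle."""
    if len(tokens) < k:
        return {tuple(tokens)} if tokens else set()
    return {tuple(tokens[i:i + k]) for i in range(len(tokens) - k + 1)}


def jaccard(a, b):
    """Overlap of two shingle sets, 0.0 (disjoint) to 1.0 (identical)."""
    if not a or not b:
        return 0.0
    return len(a & b) / len(a | b)


def find_coordinated_clusters(posts, threshold=0.6, min_accounts=3):
    """Return sorted account lists whose posts are near-duplicates.

    Only pairs from *different* accounts are linked, so one user repeating
    themselves is not counted. Pairwise comparison is O(n^2); at real scale
    this step would be replaced by MinHash/LSH bucketing.
    """
    items = [(acct, shingles(normalize(text))) for acct, text in posts]
    parent = list(range(len(items)))  # union-find over post indexes

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(items)), 2):
        if items[i][0] == items[j][0]:
            continue
        if jaccard(items[i][1], items[j][1]) >= threshold:
            parent[find(i)] = find(j)

    groups = defaultdict(set)
    for i, (acct, _) in enumerate(items):
        groups[find(i)].add(acct)
    return sorted(sorted(g) for g in groups.values() if len(g) >= min_accounts)


if __name__ == "__main__":
    for cluster in find_coordinated_clusters(SAMPLE_POSTS):
        print("near-duplicate content posted by:", ", ".join(cluster))
```
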

… “Instead of searching through impossibly large batches of data, Facebook decided to focus on a subset of political ads.

Technicians then searched for “indicators” that would link those ads to Russia. To narrow down the search further, Facebook zeroed in on a Russian entity known as the Internet Research Agency, which had been publicly identified as a troll farm.

“They worked backwards,” a U.S. official said of the process at Facebook.”

The Atlantic, September 2017.

“The problem appears to have been that Facebook’s spam- and fraud-tuned machine-learning systems could not see any differences between the “legitimate” speech of Americans discussing the election and the work of Russian operatives.”

Regarding WP quote above:

“I take this to mean that they identified known Internet Research Agency trolls, looked at the ads they posted, and then looked for similar ads being run, liked, or shared by other accounts.”

This is a very good direction of conjecture, if you ask me:

“Regular digital agencies (and media companies) routinely use Facebook ad buys to test whether stories and their attached “packaging” will fly on the social network. You run a bunch of different variations and find the one that the most people share. If the Internet Research Agency is basically a small digital agency, it would be quite reasonable that there was a small testing budget to see what content the operatives should push. In this case, the buys wouldn’t be about direct distribution of content—they aren’t trying to drive clicks or page likes—but merely to learn about what messages work.”

And:

“And the last possibility is that the Internet Research Agency wanted to make a buy that it knew would get Facebook in trouble with the government once it was revealed. Think of it as corporate kompromat. Surely the Internet Research Agency would know that buying Facebook ads would look bad for Facebook, not to mention sowing the discord that seems to have been the primary motivation for the information campaign.”

I’m sure the truth is some blend of all of the above, and we may not be privy to it any time soon.

North-Western Service Agency Links

From Wikipedia Internet Research Agency article, current to Nov. 2017:

“According to journalists’ investigations, the office in Olgino was named as Internet Research Agency Ltd. (Russian: ООО «Агентство интернет-исследований»).[3][8] The company was founded in the summer of 2013.[6]

Journalists also point out that Alexey Soskovets, who had participated in Russian youth political community, was directly connected to the office in Olgino. His company, North-Western Service Agency, won 17 or 18 (according to different sources) contracts for organizing celebrations, forums and sport competitions for authorities of Saint Petersburg. The agency was the only participant in half of those bids. In the summer of 2013 the agency won a tender for providing freight services for participants of Seliger camp.[3][9]”

… “Novaya Gazeta newspaper reported that, according to Alexey Soskovets, head of the office in Olgino, North-Western Service Agency was hiring employees for similar projects in Moscow and other cities in 2013.[3]”

Novaya Gazeta September 2013 article link. (Auto-translated Google Chrome extension)

“We meet with a friend Alexei Soskovets – a native of the youth polittusovki. In “friends” VKontakte he has a lot of activists of the movement “Nashi”, “Young Guard of United Russia” and employees of the Committee for Youth Policy of St. Petersburg, including the former head of the committee Nikita Alexandrov.

In 2013, Soskovets’s “North-West Service Agency” won 18 contests for the organization of holidays, forums and sports events for St. Petersburg authorities. In half of the competitions the agency participated alone. In the summer of 2013, the contest for transport services for participants of the camp “Seliger” won.”

Wish I had a human-translation of this, because the article seems quite relevant and interesting:

“While filling in the questionnaires, Alexey described our functionality. According to him, now they are engaged in increasing the index of certain articles. “There are different articles – social, business, political and so on. We act on the principle of “Yandex-market”, – he began. – “Yandex-Market” is a huge online store that says where it is better to buy. Under each product there is a comment of people who say that this is an excellent phone, this is a bad phone. Alas, the realities of life are such that not always people want to write the first comments. We need to increase the attendance of the site. This can be done by robots, but robots do their work mechanically, and sometimes a system like “Yandex” bans them. Therefore, it was decided to do it by people. Write a comment from yourself with the vector indicated by us. For example, about the G-20, you can write that it is very honorable for Russia,”

Here we go, as far as other offices go:

““Now we are recruiting people, in several cities we are acting – Moscow, Peter”, Alexey specifies. He says that they do not have anything to do with Nashi, but it does not exclude that something like that will turn out.”

So Alexey may have an explicit Nashi connection which could make an explicit personnel bridge between Nashi and IRA.

Outside of the above, I’m not finding much reliable source information on Alexei / Alexey Soskovets and North-West / North-Western Service Agency. Or in conjunction with mentions of Moscow. Maybe a Russian-language business search would turn something up, but I’m not quite there yet.

In fact, the frequency with which the Wikipedia IRA source text is quoted verbatim on third party forums is dubious in and of itself.

Volodin’s Prism

Continuing a branch from Internet Research Agency source reference sheet.

Chen, 2015, NYT article:

“Volodin, a lawyer who studied engineering in college, approached the problem as if it were a design flaw in a heating system. Forbes Russia reported that Volodin installed in his office a custom-designed computer terminal loaded with a system called Prism, which monitored public sentiment online using 60 million sources. According to the website of its manufacturer, Prism “actively tracks the social media activities that result in increased social tension, disorderly conduct, protest sentiments and extremism.” Or, as Forbes put it, “Prism sees social media as a battlefield.””

Difficult to find other sources on the subject of Volodin’s Prism. NYT is plenty canonical for present purposes, but seems like Forbes source should be easier to trace.

I don’t trust 4chan as a source, but on /pol/ May 2014 there is what may be an auto-translated paragraph, which reads:

“At present, the Russian special services have no control over these sites, however, conduct external monitoring events, and look for the “holes” in the protection of resources to deal with the political opposition, they can already. Note, some media reported earlier to establish a system to monitor social media developed by “Medialogia”. Program “Prism” supposedly allows you to track detached blog sites and social networks by scanning 60 million sources and tracking key statements users. Under the “eye” of the program were blogs users «LiveJournal», «Twitter», «YouTube», other portals. One of the alleged instances of the program installed in the office of the first deputy head of the department of internal policy of the presidential administration Vyacheslav Volodin, RBC reports”

RBC has the recent famous IRA article, so perhaps I can find whatever the source might be here (if real).

Medialogia is a new entity here.

Searching more turns up this January 2014 piece from globalvoices.org (not sure who/what that is).

“The Russian Federal Protective Service (FSO) is asking software developers to design a system that automatically monitors the country’s news and social media, producing reports that study netizens’ political attitudes. The state is prepared to pay nearly one million dollars over two years to the company that wins the state tender, applications for which were due January 9, 2014.”

Link to the site where the tender is listed. Name, auto-translated from Russian:

“Providing services for providing the results of automatic selection of media information, studying the information field, monitoring blogs and social media”

“Organization:
Special communication of the FSO of Russia

Mailing address
Russian Federation, 107031, Moscow, Bolshoy Kiselny lane, house 4,

[…]

The contact person
Karygin Mikhail Yakovlevich”

Globalvoices also links out to iz.ru January 2014 article (auto-translated).

“Professionals, using specialized systems, will have to provide FSO with a personal compilation of messages from bloggers, which will allow daily monitoring of significant events on specific topics and regions. In addition, monitor negative or positive color of events. Information materials will be preliminarily processed, they will be grouped on specific topics: the president, the administration of the president’s administration, the prime minister, opposition protests, governors, negative events in the country, incidents, criticism of the authorities.”

Advox / Globalvoices (supported by Ford Foundation), which I’m starting to agree with, also says, in regards to the above iz.ru article:

“Izvestia’s coverage of the story bears all the hallmarks of Kremlin-friendly reportage, sandwiching comments by one critic of the FSO between two supporters of monitoring the Internet.”

Globalvoices links to this as the Medialogia website.

This text from their corporate site seems to match pretty well the Prism NYT description at top:

“Blog monitoring and analysis reports

Medialogia offers regular blogosphere monitoring and analysis for companies. Monitoring sources: more than 40,000 social media, including LiveJournal, Twitter, VKontakte, Blogi@Mail.ru, Ya.ru, industry blogs and forums.”

Is this a real company and product? Hard to really tell.

Tacking this on here, though not strictly related – it came up in similar searches and seems worth saving: Russia Beyond, December 2016 on new Russian cyber-security doctrine.

In his words, Russia’s government has paid special attention to countering new “Twitter revolutions,” those similar to the ones that occurred in the Middle East in the beginning of the decade.

“The Arab Spring demonstrated that Facebook, Twitter and other instant messaging services allow a lot of content that threatens social and political stability. The main thing is that we don’t have an effective model for blocking such processes,” said Demidov.

Internet Research Agency Overview

This June 2015 Adrian Chen NY Times piece is kinda the ‘canonical’ source with regards to the alleged Russian-government-linked Internet Research Agency.

  • Address: 55 Savushkina Street, St. Petersburg

“The Columbian Chemicals hoax was not some simple prank by a bored sadist. It was a highly coordinated disinformation campaign, involving dozens of fake accounts that posted hundreds of tweets for hours, targeting a list of figures precisely chosen to generate maximum attention. The perpetrators didn’t just doctor screenshots from CNN; they also created fully functional clones of the websites of Louisiana TV stations and newspapers. The YouTube video of the man watching TV had been tailor-made for the project. A Wikipedia page was even created for the Columbian Chemicals disaster, which cited the fake YouTube video. As the virtual assault unfolded, it was complemented by text messages to actual residents in St. Mary Parish. It must have taken a team of programmers and content producers to pull off.”

  • Informant, supposed former employee: Ludmila Savchuk

“The first thing employees did upon arriving at their desks was to switch on an Internet proxy service, which hid their I.P. addresses from the places they posted; those digital addresses can sometimes be used to reveal the real identity of the poster. Savchuk would be given a list of the opinions she was responsible for promulgating that day. Workers received a constant stream of “technical tasks” — point-by-point exegeses of the themes they were to address, all pegged to the latest news.”

“The point was to weave propaganda seamlessly into what appeared to be the nonpolitical musings of an everyday person.”

“Management was obsessed with statistics — page views, number of posts, a blog’s place on LiveJournal’s traffic charts — and team leaders compelled hard work through a system of bonuses and fines. “It was a very strong corporate feeling,” Savchuk says. Her schedule gave her two 12-hour days in a row, followed by two days off. Over those two shifts she had to meet a quota of five political posts, 10 nonpolitical posts and 150 to 200 comments on other workers’ posts. “

Savchuk:

“While employed there, she copied dozens of documents to her personal email account and also plied her co-workers for information. She made a clandestine video of the office. In February, she leaked it all to a reporter for Moi Raion, a local newspaper known for its independent reporting. The documents, together with her story, offered the most detailed look yet into the daily life of a pro-Kremlin troll. “

  • Russian media claims IRA is funded by restaurateur Evgeny Prigozhin
  • Prigozhin –> Concord (holding company)
  • An employee of Concord was spotted as IRA team leader
  • Concord approves payments to IRA (leaked emails)

“The boom in pro-Kremlin trolling can be traced to the antigovernment protests of 2011, when tens of thousands of people took to the streets after evidence of fraud in the recent Parliamentary election emerged. The protests were organized largely over Facebook and Twitter and spearheaded by leaders, like the anticorruption crusader Alexei Navalny, who used LiveJournal blogs to mobilize support. The following year, when Vyacheslav Volodin, the new deputy head of Putin’s administration and architect of his domestic policy, came into office, one of his main tasks was to rein in the Internet. Volodin, a lawyer who studied engineering in college, approached the problem as if it were a design flaw in a heating system. Forbes Russia reported that Volodin installed in his office a custom-designed computer terminal loaded with a system called Prism, which monitored public sentiment online using 60 million sources. According to the website of its manufacturer, Prism “actively tracks the social media activities that result in increased social tension, disorderly conduct, protest sentiments and extremism.” Or, as Forbes put it, “Prism sees social media as a battlefield.””

[Note: unable to find original source on Forbes mention. Also, is there some link to PRISM (surveillance program)?]

Russian crackdowns on internet (same NYT source):

“Laws were passed requiring bloggers to register with the state. A blacklist allowed the government to censor websites without a court order. Internet platforms like Yandex were subjected to political pressure, while others, like VKontakte, were brought under the control of Kremlin allies. Putin gave ideological cover to the crackdown by calling the entire Internet a “C.I.A. project,” one that Russia needed to be protected from.”

Columbian Chemicals hoax:

“The chain that links the Columbian Chemicals hoax to the Internet Research Agency begins with an act of digital subterfuge perpetrated by its online enemies. Last summer, a group called Anonymous International — believed to be unaffiliated with the well-known hacktivist group Anonymous — published a cache of hundreds of emails said to have been stolen from employees at the agency.”

… “The emails indicated that the Internet Research Agency had begun to troll in English. One document outlined a project called “World Translation”; the problem, it explained, was that the foreign Internet was biased four to one against Russia, and the project aimed to change the ratio. Another email contained a spreadsheet that listed some of the troll accounts the agency was using on the English-language web. After BuzzFeed reported on the leak, I used the spreadsheet to start mapping the network of accounts on Facebook and Twitter, trying to draw connections.”

[Note: I believe this is the Buzzfeed reporting from June 2014.

Trying to locate a copy of the actual leaks (presumably in Russian?), and the described spreadsheet.

Independent Russian newspaper account of infiltrating the agency.]

“Soshnikov showed me how he used a service called Yomapic, which maps the locations of social-media users, to determine that photos posted to Infosurfing’s Instagram account came from 55 Savushkina. He had been monitoring all of the content posted from 55 Savushkina for weeks and had assembled a huge database of troll content.”

  • FAN – Federal News Agency shares same address / building.
  • People’s News, same address

I can see now why that 2015 Chen NYT article is the canonical source for all this stuff.

Jumping to Buzzfeed’s 2014 reporting on the Internet Research Agency leaked emails from Anonymous International:

“The documents show instructions provided to the commenters that detail the workload expected of them. On an average working day, the Russians are to post on news articles 50 times. Each blogger is to maintain six Facebook accounts publishing at least three posts a day and discussing the news in groups at least twice a day. By the end of the first month, they are expected to have won 500 subscribers and get at least five posts on each item a day. On Twitter, the bloggers are expected to manage 10 accounts with up to 2,000 followers and tweet 50 times a day.”

  • Names as IRA leader: Igor Osadchy
  • Possibly founded in April 2014

Buzzfeed article links to this Russian site as holding the leaked emails. I clicked the link at the site and was re-directed to a mega.nz page telling me the file was unavailable because the account had multiple Terms of Service violations.

[Note: immediately after that, I experienced an unusual glitch on my self-hosted WordPress site telling me my session had expired and to log back in. Suspicious!]

Still can’t find the Buzzfeed 2014 Anonymous leaked spreadsheet of account names. But in November 2017, Recode published the House Intelligence committee blocked Twitter account list. Perhaps there is some cross-over?

Meduza 2015 article about Shaltai Boltai (Humpty Dumpty), the hacker group responsible for IRA leaks.

“Shaltai also released documents about how Concord, a company owned by Kremlin-connected restaurant owner Evgeny Prigozhin, apparently coordinates an army of pro-Putin “Internet trolls” through an outfit called the Internet Research Agency.

Igor Osadchy, whom the leaked emails name as the director of Translator, a project at the Internet Research Agency tasked with placing comments in foreign news media, later sued Shaltai for personal data theft. A representative at Roskomnadzor, Russia’s federal agency for media oversight, then announced, “A court has determined that the information [published by Shaltai] must be deleted, but the website’s hosting provider has not responded to our notification. Therefore, our agency has ordered Internet Service Providers to block this blog.” On July 27, 2014, acting on orders from Roskomnadzor, Russian ISPs blocked access to the domain b0ltai.org. The group’s main Twitter account, @b0ltai, was also blocked. Today, Shaltai’s website is accessible in Russia only via VPN or a mirror site. The group also runs @b0ltai2, a duplicate Twitter account, still unblocked in Russia, that reproduces all the first account’s posts, down to its retweets.”

… “In August 2014, Anonymous International released archives from three different email accounts allegedly belonging to Dmitri Medvedev, as well as correspondence from Duma deputy and United Russia member Robert Shlegel about an organized “troll” attack on the websites of major American and British news media (including The New York Times, CNN, the BBC, USA Today, and The Huffington Post).”

The Atlantic, October 2013 article about online Russian propaganda trolls.

  • Article lists St. Petersburg address: 131 Lakhtinsky Prospekt
  • 8 hr not 12 hr days
  • Free lunch
  • Uncertain name of above outfit. IRA mentioned seemingly separately. Other Google searches for this address point to same source text.

Adrian Chen, New Yorker July 2016 article about Russian hacks.

RBC.ru Russian language article about Internet Research Agency, October 2017. [Quotes via Google Translate Chrome extension]

“[The IRA ran] at least 118 communities and accounts on Facebook, Instagram and Twitter […] In August-September 2017, all identified communities with a combined audience of 6 million people were blocked by Facebook and Twitter.”

… “Communities associated with the “troll factory” for two years initiated about 40 offline events in the US cities, said a source close to the leadership of the organization. ”

… “Assistance in their conduct was provided by approximately 100 local activists who, according to the interlocutors of RBC magazine, did not know who they were dealing with: all communication was on the Internet, in English and from fake accounts.”

RBC.ru source is probably another “canonical”-ish source, which many other news articles refer to.

Guardian, April 2015 article on Russian troll factory.

“The Guardian spoke to two former employees of the troll enterprise, one of whom was in a department running fake blogs on the social network LiveJournal, and one who was part of a team that spammed municipal chat forums around Russia with pro-Kremlin posts. Both said they were employed unofficially and paid cash-in-hand. ”

… ““We had to write ‘ordinary posts’, about making cakes or music tracks we liked, but then every now and then throw in a political post about how the Kiev government is fascist, or that sort of thing,” she said.

Scrolling through one of the LiveJournal accounts she ran, the pattern is clear. There are posts about “Europe’s 20 most beautiful castles” and “signs that show you are dating the wrong girl”, interspersed with political posts about Ukraine or suggesting that the Russian opposition leader Alexei Navalny is corrupt.”

… “Instructions for the political posts would come in “technical tasks” that the trolls received each morning, while the non-political posts had to be thought up personally.”

… “The trolls worked in teams of three. The first one would leave a complaint about some problem or other, or simply post a link, then the other two would wade in, using links to articles on Kremlin-friendly websites and “comedy” photographs lampooning western or Ukrainian leaders with abusive captions.

Marat shared six of his technical task sheets from his time in the office with the Guardian. Each of them has a news line, some information about it, and a “conclusion” that the commenters should reach.”

“Leaked documents have linked the opaque company running the troll factory to structures close to the Kremlin, but there has been no hard evidence. “

Buzzfeed June 2014 about how IRA targeted Harry Potter fans, and other topics.

Guardian November 2016 article on government manipulation of social media.

“In 2011 the PR firm Bell Pottinger told undercover journalists that they could “create and maintain third-party blogs”, and spruce up Wikipedia profiles and Google search rankings.”

Links out to BBC March 2012 article about Bell Pottinger Wikipedia scandal.

Telegraph June 2015 article on Savchuk:

“She was put in the so-called Special Projects department using the LiveJournal blogging platform, where, she says, “people pretending to be individual bloggers– a fortune teller, a soldier, a Ukrainian man – had to, between posts about daily life or interesting facts, insert political reflections”. “

New York Times, May 2016 about Finnish activist exposing Russian trolls:

““They fill the information space with so much abuse and conspiracy talk that even sane people start to lose their minds,” she added.”

… “Pro-Russian activists insist that they are merely exercising their right to free speech, and that they do not take money or instructions from Moscow.”

Newsweek, October 2017 article on trolls, bots and fake news.

Regarding Azerbaijan:

“Social media has been a part of his presidential strategy since at least 2010, when members of the country’s main youth group, IRELI, were instructed to proliferate pro-government opinions online. As troll training-centers multiplied across the country—one source says there were 52 in different towns and cities, funded with government money…”

Article compares pro-government troll efforts around the world ^.

“It is estimated that 45% of Twitter activity in Russia is managed by such accounts.”

Estimated how, and by whom?

Independent, October 2017, accounts of IRA from a supposed former employee.

[Note, WordPress won’t accept article link: http://www.independent.co.uk/news/world/americas/us-politics/hillary-clinton-sex-tape-russia-body-double-troll-farm-employee-claims-a8023901.html ]

“He worked at the company from November 2014 to April 2015 and said he would impersonate “Kentucky rednecks” and African-Americans online on a regular basis.”

Daily Beast, Oct. 2017, version of same story.

“And Baskaev fingered Putin pal Yevgeny Prigozhin as his former “boss,” or “our guy who gives us money.” But the real head of the American department, he said, was the Azerbaijani-born Dzheykhun Aslanov—known simply as “Jay.””

Wired, September 2017 article discussing switch from IRA name to Glavset:

[Link problem continuing: https://www.wired.com/story/facebook-may-have-more-russian-troll-farms-to-worry-about/ ]

“The IRA, which was the subject of a 2015 New York Times Magazine investigation, may have been behind many of the bogus Facebook ads, the company says.

Of course, things aren’t as simple as that. Russian corporate records indicate Internet Research Agency has been inactive since December 2016. But that doesn’t mean that Russians no longer engage in such activity. According to Russia researchers at the liberal advocacy group Center for American Progress, there’s reason to believe the Internet Research Agency is operating under a new name: Glavset.

A Russian tax filing reveals that Glavset, which launched in February 2015, operates out of the same office building—55 Savushkin Street in St. Petersburg—that once housed the Internet Research Agency. The filing lists Mikhail Ivanovich Bystrov, former head of the Internet Research Agency, as its general director.”

… “It’s not clear whether Glavset purchased political ads on Facebook, or any other platform. A Facebook spokesman could not immediately say whether Facebook uncovered any ads placed by Glavset in the investigation it revealed Wednesday. That probe found 470 inauthentic pages and accounts affiliated with Internet Research Agency; Facebook turned that information over to special counsel Robert Mueller.”

NY Times, September 2017: fake Russian accounts bought $100,000 in ads on Facebook.

“Facebook officials said the fake accounts were created by a Russian company called the Internet Research Agency, which is known for using “troll” accounts to post on social media and comment on news websites.”

Is there a link to a blog post or other official testimony of them linking these accounts and ad buys to IRA?

Same source:

“Mr. Stamos wrote that while some of the ads specifically mentioned the two candidates, most focused instead on issues that were polarizing the electorate: “divisive social and political messages across the ideological spectrum — touching on topics from LGBT matters to race issues to immigration to gun rights.””

Ah, here we go, looks like the NYT source for the Stamos Facebook account quotes–a September 2017 Facebook security post.

Describes multiple sets of review data:

“In reviewing the ads buys, we have found approximately $100,000 in ad spending from June of 2015 to May of 2017 — associated with roughly 3,000 ads — that was connected to about 470 inauthentic accounts and Pages in violation of our policies. Our analysis suggests these accounts and Pages were affiliated with one another and likely operated out of Russia.”

The second more broad:

“In this latest review, we also looked for ads that might have originated in Russia — even those with very weak signals of a connection and not associated with any known organized effort. This was a broad search, including, for instance, ads bought from accounts with US IP addresses but with the language set to Russian — even though they didn’t necessarily violate any policy or law. In this part of our review, we found approximately $50,000 in potentially politically related ad spending on roughly 2,200 ads.”

August 2017 announcement by Facebook they will not allow advertising by pages that repeatedly share fake news.

Jumping back for a second to NYT Sept. 2017 article linked above:

“One question underlying the investigation of possible collusion between the Trump campaign and Russia is whether Russia-sponsored operators would have needed any guidance from American political experts. Facebook said that some of the ads linked to Russian accounts had targeted particular geographic areas, which may raise questions about whether anyone had helped direct such targeting.”

Wikipedia Web brigades article.

Linked off the Wikipedia page: November 2017, Washington Post.

“President Trump retweeted content from a fake account affiliated with Russia, a member of a Senate Judiciary Subcommittee revealed this week.

The account in question, @10_gop, tweeted “We love you, Mr. President,” and Trump retweeted the post saying “So nice, thank you!” on Sept. 19.”

“FOLLOW THE MEMES…”

Wikipedia web brigades page continuing:

“Any blog post written by an agency employee, according to the leaked files, must contain “no fewer than 700 characters” during day shifts and “no fewer than 1,000 characters” on night shifts. Use of graphics and keywords in the post’s body and headline is also mandatory. In addition to general guidelines, bloggers are also provided with “technical tasks” – keywords and talking points on specific issues, such as Ukraine, Russia’s internal opposition and relations with the West.[21]”

… “In 2015 Lawrence Alexander disclosed a network of propaganda websites sharing the same Google Analytics identifier and domain registration details, allegedly run by Nikita Podgorny from Internet Research Agency. The websites were mostly meme repositories focused on attacking Ukraine, Euromaidan, Russian opposition and Western policies. Other websites from this cluster promoted president Putin and Russian nationalism, and spread alleged news from Syria presenting anti-Western viewpoints.[37]”

… “In August 2015 Russian researchers correlated Google search statistics of specific phrases with their geographic origin, observing increases in specific politically loaded phrases (such as “Poroshenko”, “Maidan”, “sanctions”) starting from 2013 and originating from very small, peripheral locations in Russia, such as Olgino, which also happens to be the headquarters of the Internet Research Agency company.[38]”
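The linking method in the 2015 excerpt above (sites sharing one Google Analytics identifier and the same registration details) can be sketched in a few lines. This is an added example, not code from Alexander's investigation or from the original post; the domains, tracking IDs and registrant addresses are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Universal Analytics tracking IDs look like UA-<account>-<property>.
# Properties created under one account share the <account> number.
UA_RE = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b")

# Constructed sample data: page-source fragments and registrant e-mails
# for made-up domains under the reserved .example TLD.
SAMPLE_SITES = {
    "memes-one.example": {
        "html": "<script>ga('create', 'UA-5550001-1', 'auto');</script>",
        "registrant": "owner-a@mail.example",
    },
    "memes-two.example": {
        "html": "<script>_gaq.push(['_setAccount', 'UA-5550001-2']);</script>",
        "registrant": "owner-b@mail.example",
    },
    "news-three.example": {
        "html": "<p>no analytics here</p>",
        "registrant": "Owner-B@mail.example",
    },
    "unrelated.example": {
        "html": "<script>ga('create', 'UA-7770002-1', 'auto');</script>",
        "registrant": "someone-else@mail.example",
    },
}


def extract_ga_accounts(html):
    """Return the set of GA account numbers referenced in a page."""
    return {m.group(1) for m in UA_RE.finditer(html)}


def cluster_sites(sites):
    """Group domains that share a GA account or a registrant e-mail.

    Union-find makes links transitive: A-B via analytics plus B-C via
    registration puts A, B and C into one cluster.
    """
    parent = {domain: domain for domain in sites}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    first_seen = {}               # indicator -> first domain carrying it
    evidence = defaultdict(set)   # indicator -> domains it ties together
    for domain, info in sites.items():
        indicators = {("ga", a) for a in extract_ga_accounts(info["html"])}
        registrant = info.get("registrant", "").strip().lower()
        if registrant:
            indicators.add(("registrant", registrant))
        for ind in indicators:
            if ind in first_seen:
                root_a, root_b = find(first_seen[ind]), find(domain)
                if root_a != root_b:
                    parent[root_b] = root_a
                evidence[ind].update({first_seen[ind], domain})
            else:
                first_seen[ind] = domain

    clusters = defaultdict(set)
    for domain in sites:
        clusters[find(domain)].add(domain)
    # Single-domain clusters carry no linkage, so drop them.
    linked = sorted(sorted(c) for c in clusters.values() if len(c) > 1)
    return linked, {k: sorted(v) for k, v in evidence.items()}


if __name__ == "__main__":
    linked, evidence = cluster_sites(SAMPLE_SITES)
    for cluster in linked:
        print("cluster:", ", ".join(cluster))
    for (kind, value), domains in sorted(evidence.items()):
        print(f"  shared {kind} {value}: {', '.join(domains)}")
```

A shared tracking ID or registrant is a lead rather than proof: copied templates and pasted page source can carry someone else's ID, so each link needs corroboration from other evidence.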

Wikipedia Internet Research Agency page:

Wikipedia, re: Trolls from Olgino:

“The group’s office in Olgino, a historical district of Saint Petersburg, was exposed by Novaya Gazeta newspaper in 2013.[3]”

… “According to journalists’ investigations, the office in Olgino was named as Internet Research Agency Ltd. (Russian: ООО «Агентство интернет-исследований»).[3][8] The company was founded in the summer of 2013.[6]”

Below citations link out to Russian language sites (for possible use to establish time-line):

“In 2014, according to Russian media, Internet Research Ltd. (Russian: ООО «Интернет исследования»), founded in March 2014, joined the agency’s activity. Novaya Gazeta newspaper claim this company to be a successor of Internet Research Agency Ltd.[10] Internet Research Ltd. is considered to be linked to Yevgeny Prigozhin, head of the holding company Concord. The “Trolls of Olgino” from Saint Petersburg are considered to be his project. As of October 2014, the company belonged to Mikhail Bystrov, who had been the head of the police station at Moscow district of Saint Petersburg.[11]”

… “Russian media point out that according to documents, published by hackers from Anonymous International, Concord is directly involved with trolling administration through the agency. Researchers cite e-mail correspondence, in which Concord gives instructions to trolls and receives reports on accomplished work.[5]”

… “59°59′03.5″N 30°16′19.1″E

According to Russian online newspaper DP.ru, several months before October 2014 the office moved from Olgino to a four-story building at 55 Savushkina Street.[11][12][17]”

… “Novaya Gazeta newspaper reported that, according to Alexey Soskovets, head of the office in Olgino, North-Western Service Agency was hiring employees for similar projects in Moscow and other cities in 2013.[3]”

From Novaya Gazeta September 2013 article (Google Translate from Russian):

“From the data of the Unified State Register of Legal Entities, it follows that the organization was registered on July 26, 2013. The founder is Mikhail Kurkin, the general director is Nikolai Chumakov.”

Whew, well I think that’s a fairly exhaustive round-up of top links and quotes relative to the subject. Will try to condense this down into a more human-readable format in coming days.

 

Persona Management Systems, Propaganda & The Internet Research Agency

Little bit of thread-connecting here for my own mental house-keeping:

  1. It is being increasingly reported that state-sponsored actors around the world are using social media to covertly influence public opinion, both at home and abroad.
  2. It’s a known fact that the US Military/CENTCOM/Air Force awarded a contract to Ntrepid to develop an online ‘persona management system’ for exactly this purpose under Operation Earnest Voice.
  3. Still determining exact status of current law, but it may now be technically legal for the government to disseminate propaganda to domestic audiences.
  4. HBGary leaked emails describe proposed operational details of personas or “characters” for such a persona management system according to levels of developed detail.
  5. Official news sources report that the Russian-based Internet Research Agency used tactics like those described above to influence the outcome of the US election, infiltrate social movements and sow discord and misinformation using social media and other methods.
  6. Russia has a known history of using similar tactics prior to the advent of this agency (IRA), particularly in relation to manipulation of youth movement and dirty tricks in Ukraine.
  7. Fake news factories out of countries like Macedonia manipulated social opinion for financial gain via a network of fraudulent social media accounts and independent blog sites. It is unknown, that I can tell, whether there is any evidence made public at this time which would link especially Macedonian fake news to personnel, money, or instructions from the Internet Research Agency, or other arm of the Russian government.

HB Gary leaks

HBGary company description on Wikipedia. (Current November 2017)

“It has been reported that HBGary Federal was contracted by the US government to develop astroturfing software which could create an “army” of multiple fake social media profiles.[38][39]

Later it was reported that while data security firm HBGary Federal was among the “Persona Management Software” contract’s bidders listed on a government website, the job was ultimately awarded to a firm that did not appear on the FedBizOpps.gov page of interested vendors. “This contract was awarded to a firm called Ntrepid,” Speaks wrote to Raw Story.[40]”

[Link to technical spec and project overview from Federal project site above]

Ars Technica, February 2011 article on Anonymous hack:

“HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group’s actions, including the denial-of-service attacks that hit MasterCard, Visa, and other perceived enemies of WikiLeaks late last year.

When Barr told one of those he believed to be an Anonymous ringleader about his forthcoming exposé, the Anonymous response was swift and humiliating. HBGary’s servers were broken into, its e-mails pillaged and published to the world, its data destroyed, and its website defaced.”

SQL injection through their custom third party content management system, apparently. Above article is mainly technical description of how Anonymous perpetrated attack.

Wired, February 2011 focused on HBGary side of the tale:

“Barr would do things like correlate timestamps; a user in IRC would post something, and then a Twitter post on the same topic might appear a second later. Find a few of these links and you might conclude that the IRC user and the Twitter user were the same person.”

Rawstory, February 2011:

“HBGary, which conspired with Bank of America and the Chamber of Commerce to attack WikiLeaks, spy on progressive writers and use malware against progressive organizations, was also revealed to have constructed software eerily similar to what the Air Force sought.”

Paragraph above links out to another February 2011 Rawstory piece with more details about the Chamber of Commerce story.

Cory Doctorow BoingBoing piece from February 2011 about the persona management proposal. Quotes from one of the leaked emails:

“For this purpose we custom developed either virtual machines or thumb drives for each persona. This allowed the human actor to open a virtual machine or thumb drive with an associated persona and have all the appropriate email accounts, associations, web pages, social media accounts, etc. pre-established and configured with visual cues to remind the actor which persona he/she is using so as not to accidentally cross-contaminate personas during use…”

Tracking the source email on Wikileaks for the above, but this is referenced on an archive.is page as being another PDF related to persona management and development system. (email ID 359)

Quote from email 359 PDF attachment:

“These accounts are maintained and updated automatically through RSS feeds, retweets, and linking together social media commenting between platforms. With a pool of these accounts to choose from, once you have a real name persona you create a Facebook and LinkedIn account using the given name, lock those accounts down and link these accounts to a selected # of previously created social media accounts, automatically pre-aging the real accounts.”

Okay, so it looks like the BoingBoing quote comes from the Word document attached to email 2142, some kind of white paper/project proposal for a new client.

Section of interest: “Persona and Content Development”. Text on Wikileaks’ docx file seems to agree with the text here at Archive.is.

Excerpted quotes from the section about “Character levels”:

Level 0 Character: Used mostly for quick and temporal communication. No persona description required. These characters have specific user accounts or email addresses that are used for quick communications or to satisfy very specific mission requirements that do not require any more in-depth use. […]

Level 1 Character: These accounts have slightly more depth with created generic names that generate significant hits when the name is queried on search engine and other social media platforms. These accounts are meant to provide slightly more depth for use in establishing contact with individuals and at a glance appearing to be real. Any accounts established for this type of a character would have the most strict privacy settings so as to hide the lack of detail associated with these accounts. As an example, an established level 1 persona might have an associated gmail address with a Facebook, twitter, and or linkedin account. All of the associated social media accounts would be set to the highest privacy settings so no details would be visible other than an account exists and may or may not be associated with a specific email address. […]

Level 2 Character: Level 2 characters are similar to level 1 characters except they provide slightly more detail on the personas background and may require some paid services to set up creative content pages for more in-depth exercise engagements. This requires more upfront character development so as to make a persona that will be viewed as plausible throughout the engagement. […] This means automated content generation mixed with human generated content related to the persona at a frequency that would be consistent with the personas background. […] HBGary Federal has devised a set of techniques that can make personas appear real, such as manipulating GPS coordinates and using location based services to checkin to specific locations, or using twitter hashtags and specific tweets to make it appear as if a persona is attending a specific conference. […]

Level 3 Character: The most detailed character. These personas are required to conduct human-to-human direct contact likely in-person to satisfy some more advanced exercise requirements. This character must look, smell, and feel 100% real at the most detailed level. […] Using some of our micro-blogging techniques for auto-generating content we can manage many of these types of accounts automatically and age them. Then when a real persona is created for a particular exercise we can associate a twitter, YouTube, and blog account that has been aging and link it to a LinkedIn and Facebook profile that was just created. This gives the perception that this person has been around in this space for a while. HBGary Federal also has experience in developing LLCs, phone services, websites, etc. to establish the corporate bonafides. There are also other tricks we can use to build friends lists quickly so as to give the perception the persona is social or professionally active.”

Ars Technica, March 2012 follow-up:

“The HBGary hackers collectively called themselves Internet Feds. They then started working under the name LulzSec, rapidly achieving infamy for a series of high-profile break-ins (victims including PBS, Sony, and Nintendo) and denial-of-service attacks. But by late September 2011, everyone in LulzSec except one member, avunit, had been identified, and every identified member except pwnsauce had been arrested.”

 

Technical spec for internet sockpuppet system

The Operation Earnest Voice Wikipedia page (current as of November 2017) describes a request for proposal put out by a branch of the federal government to create an application whereby agents could put on persistent, created personas in order to engage in propaganda and intelligence operations online. In other words, it’s a system for astroturfing, sock-puppets and shills.

Linking out to the Archive.org version of the June 2010 fbo.gov proposal, we can see the technical specifications for the desired application. Essential components include:

  • 50 User Licenses, 10 Personas per user.
  • Personas include “background, history, supporting details, and cyber presences that are technically, culturally and geographically consistent.”
  • Personas must be able to appear to be from any part of the world.
  • Personas must be able to interact and operate on social media services.
  • VPN option enabling daily, automatic randomized IP addressing.
  • Ability to blend traffic with outside sources for cover.
  • Static, persistent and identity-protected IP option.
  • Unique servers in each part of the world to direct traffic through.
  • Remote access through a secure desktop environment. “Every session uses a clean Virtual Machine (VM) image. […] Upon session termination, the VM is deleted and any virus, worm, or malicious software that the user inadvertently downloaded is destroyed.”

It appears to be a complete solution, enabling 50 agents to appear to be at least 500 unique actors online.

I’m still a little unclear as to what restrictions such a program would currently face where individuals in the domestic United States might be exposed, at least in terms of propaganda efforts. Wikipedia quote, which sounds technically probably true:

“Isaac R. Porche, a researcher at the RAND corporation, claims it would not be easy to exclude US audiences when dealing with internet communications.[5]”

Washington Times in March 2011 states:

“The software is used for what the military calls “information operations” that use “classified social media activities outside the United States to counter violent extremist ideology and enemy propaganda,” Centcom spokesman Cmdr. Bill Speaks told The Washington Times.

Information operations include activities designed “to influence, disrupt, corrupt or usurp adversarial human and automated decision-making while protecting our own,” according to Pentagon documents. Such activities include disinformation campaigns, or military deception; computer network operations, or hacking; and what used to be called psychological warfare operations or “psy-ops,” but is now referred to as “military information support operations.””

That article (2011) also claims:

“Cmdr. Speaks said the Central Command program operates only on overseas social media sites.

“We do not target U.S. audiences, and we do not conduct these activities on sites owned by U.S. companies,” he said.”

It’s possible the 2012 Smith-Mundt Modernization Act changed their operating parameters, but I’m still verifying that…

I don’t trust Huffington Post too much as a source, but there is an interesting quote by them on the private sector equivalents of the Earnest Voice software, also in a March 2011 article:

“Last month, hacker group Anonymous unloaded a batch of 50,000 emails from security firm HBGary, where documents indicated that the firm was in the process of developing their own persona management software. The document outlined some of the proposed strategies for creating verisimilitude:

“Using hashtags and gaming some location based check-in services we can make it appear as if a persona was actually at a conference and introduce himself/herself to key individuals as part of the exercise, as one example. There are a variety of social media tricks we can use to add a level of realness to all fictitious personas.”

I will try to follow up on this HBGary reference in a separate article.

Macedonian fake news sites and shadow tracking

There is a good CNN video, 13 minutes, here about the city of Veles in Macedonia, which emerged as one of the capitals of fake news deployment in the run-up to the 2016 US election.

Also an article from the Guardian, July 2017, about investigation into Russian ties to fake news sites.

“Mattes, a former Senate investigator, did some digging into the sudden phenomenon of eastern European Sanders enthusiasts. He found a spike in activity on the anonymous browsing tool Tor in Macedonia that coincided with the launch of the fake news campaign, which he believes could represent Russian handlers contacting potential east European hosts to help them set up automated websites.”

Jonathan Albright’s November 2016 Medium post about the marriage of propaganda, misinformation, and analytics draws together all these threads into a darkly amazing tapestry. Albright:

“I’m going to use the data I’ve collected for this project to make the argument that this “micro-propaganda machine” is not only a source of “fake news,” political noise, and strategic misinformation, it’s weaponized, behavioral-tracking shadow tech…

The data trails left from visiting these propaganda/hoax/viral/ misinformation “fake news” sites are being used to reflect on people’s past decisions to influence the future: It’s called predictive modeling.”

 

 

Quebec Bill 62 & The Charter of Rights and Freedoms

I’ve been loosely following the story of Quebec’s so-called “Religious Neutrality” Bill 62, which recently passed and which prohibits full face coverings in the context of receiving a variety of government services. Text of the bill may be found on the Quebec Assembly Nationale website in PDF form.

Relevant text from the bill:

DIVISION II

SERVICES WITH FACE UNCOVERED

9. […] Similarly, persons receiving services from such personnel members must have their face uncovered…

Division III deals with criteria for determining religious accommodations to the above, with references to section 10 of the Charter of human rights and freedoms of Quebec.

From the Charter, items 3 through 5 seem relevant:

3. Every person is the possessor of the fundamental freedoms, including freedom of conscience, freedom of religion, freedom of opinion, freedom of expression, freedom of peaceful assembly and freedom of association.

4. Every person has a right to the safeguard of his dignity, honour and reputation.

5. Every person has a right to respect for his private life.

Freedom of religion, right to safeguard of dignity, respect for private life. Also relevant, from a discrimination perspective:

CHAPTER I.1
RIGHT TO EQUAL RECOGNITION AND EXERCISE OF RIGHTS AND FREEDOMS

10. Every person has a right to full and equal recognition and exercise of his human rights and freedoms, without distinction, exclusion or preference based on race, colour, sex, gender identity or expression, pregnancy, sexual orientation, civil status, age except as provided by law, religion, political convictions, language, ethnic or national origin, social condition, a handicap or the use of any means to palliate a handicap.

Discrimination exists where such a distinction, exclusion or preference has the effect of nullifying or impairing such right.

I’m not a lawyer, but I would break this down like so:

  • The Charter grants religious freedom, and safeguards dignity and privacy.
  • The covering of the face specifically targeted in Bill 62 is exclusively religious in nature.
  • The Charter expressly prohibits limitation of the full and equal recognition and exercise of one’s rights and freedoms on the basis of religion.
  • Were there many other common cases where individuals seek government services with faces covered, there might be a stronger argument to be made that Bill 62 does not have the effect of targeting people based on their religion, and preventing them from exercising their religious rights.

It will be interesting to see how this bill is challenged in the courts.

Heaven over Sun

The sign was a dangerous omen for humans of limited means. Heaven over Sun. Exo/Sola. Celestial excess driving Solar nourishment. Rich foods. Unimagined spices. Pleasure realms. Persephone. Possibly dangerous substances for mortals. Places designed for Corporeals and associated hybrids.
